
3351 matches found

OpenVAS
added 2015/01/27 12:0 a.m., 24 views

MediaWiki TemplateSandbox Extension < 1.24 XSS Vulnerability (Jan 2015) - Active Check

The TemplateSandbox extension for MediaWiki is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-on...

CVSS 4.3, AI score 6, EPSS 0.00259
Exploits 1, References 3
Tenable Nessus
added 2014/12/12 12:0 a.m., 30 views

VMware vCenter Server Appliance Unspecified XSS (VMSA-2014-0012)

The version of VMware vCenter Server Appliance installed on the remote host is 5.1 prior to Update 3. It is, therefore, affected by an unspecified cross-site scripting vulnerability. A remote attacker can exploit this by means of a specially crafted URL or malicious web page, which can result in...

CVSS 4.3, AI score 5.6, EPSS 0.0039
Exploits 0, References 2
Symantec
added 2014/12/09 12:0 a.m., 30 views

Microsoft Internet Explorer XSS Filter CVE-2014-6328 Security Bypass Vulnerability

Description Microsoft Internet Explorer is prone to a security-bypass vulnerability that affects the XSS Filter. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a page containing malicious content. An attacker can exploit this issue to execute arbitrary script...

CVSS 5, AI score 9.4, EPSS 0.27279
Exploits 0, Affected Software 10
Tenable Nessus
added 2014/12/04 12:0 a.m., 78 views

Splunk Enterprise 5.0.x < 5.0.10 / 6.1.x < 6.1.4 Multiple Vulnerabilities

According to its version number, the Splunk Enterprise hosted on the remote web server is 5.0.x prior to 5.0.10 or 6.1.x prior to 6.1.4. It is, therefore, affected by the following vulnerabilities : - The included OpenSSL library contains a TLS downgrade weakness. By using fragmented ClientHello...

CVSS 4.3, AI score 7.2, EPSS 0.05418
Exploits 0, References 5
Tenable Nessus
added 2014/12/04 12:0 a.m., 159 views

Splunk Enterprise 6.0.x < 6.0.7 Multiple Vulnerabilities (POODLE)

According to its version number, the Splunk Enterprise hosted on the remote web server is 6.0.x prior to 6.0.7. It is, therefore, affected by the following vulnerabilities : - A man-in-the-middle (MitM) information disclosure vulnerability, known as POODLE, exists due to the way SSL 3.0 handles...

CVSS 7.1, AI score 6.7, EPSS 0.93538
Exploits 5, References 7
OpenVAS
added 2014/11/28 12:0 a.m., 50 views

WordPress Digital Zoom Studio (DZS) Video Gallery Plugin Multiple Vulnerabilities

WordPress Digital Zoom Studio (DZS) Video Gallery Plugin is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CP...

CVSS 4.3, AI score 6.6, EPSS 0.07178
Exploits 0, References 3
Check Point Advisories
added 2014/11/20 12:0 a.m., 3 views

Symantec Endpoint Protection Manager Cross-Site Scripting (CVE-2014-3438)

A code execution vulnerability has been reported in the Symantec Endpoint Protection Manager. The vulnerability is due to insufficient validation of user input before it is sent back to the user. A remote attacker may exploit this vulnerability to execute arbitrary script code in the context of t...

CVSS 4.3, AI score 3.5, EPSS 0.13738
Exploits 6
Check Point Advisories
added 2014/11/09 12:0 a.m., 3 views

HP Sprinter Tidestone Formula One ActiveX Multiple Memory Corruption (CVE-2014-2635)

Multiple vulnerabilities exist in HP Sprinter. The vulnerabilities are in methods AttachToSS, CopyRange, CopyRangeEx, and SwapTables within the Tidestone Formula One ActiveX control. A remote, unauthenticated attacker could exploit this vulnerability by enticing an unsuspecting victim to follow a...

CVSS 7.5, AI score 6.9, EPSS 0.0484
Exploits 0
Tenable Nessus
added 2014/10/15 12:0 a.m., 334 views

MS14-059: Vulnerability in ASP.NET MVC Could Allow Security Feature Bypass (2990942)

The version of ASP.NET MVC (Model View Controller) installed on the remote host is affected by an unspecified cross-site scripting vulnerability. A remote unauthenticated attacker could exploit this flaw to execute arbitrary script code in a user's browser subject to the privileges of the user...

CVSS 4.3, AI score 5.9, EPSS 0.18596
Exploits 0, References 2
Tenable Nessus
added 2014/09/25 12:0 a.m., 38 views

Joomla! 2.5.x < 2.5.25 / 3.x < 3.2.5 / 3.3.x < 3.3.4 Multiple Vulnerabilities

According to its self-reported version number, the Joomla! installation running on the remote web server is 2.5.x prior to 2.5.25, 3.x prior to 3.2.5, or 3.3.x prior to 3.3.4. It is, therefore, affected by multiple vulnerabilities : - A cross-site scripting (XSS) vulnerability exists in the commedi...

CVSS 7.5, AI score 6, EPSS 0.00051
Exploits 0, References 6
Check Point Advisories
added 2014/09/22 12:0 a.m., 2 views

Google Android Browser Same Origin Policy Bypass (CVE-2014-6041)

A security bypass vulnerability has been reported in Google Android's stock browser. Attackers can exploit this issue to bypass the same-origin policy and certain access restrictions to access data, or execute arbitrary script code in the browser of an unsuspecting user in the context of another...

CVSS 5.8, AI score 5.2, EPSS 0.77565
Exploits 7
OpenVAS
added 2014/08/27 12:0 a.m., 32 views

Kajona CMS Multiple Cross-Site Scripting Vulnerabilities

Kajona CMS is prone to multiple cross-site scripting vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 4.3, AI score 6.2, EPSS 0.00359
Exploits 2, References 6
OpenVAS
added 2014/08/19 12:0 a.m., 21 views

WordPress SI CAPTCHA Anti-Spam Plugin Cross Site Scripting Vulnerability

WordPress SI CAPTCHA Anti-Spam Plugin is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE...

CVSS 4.3, AI score 5.7, EPSS 0.00197
Exploits 1, References 3
OpenVAS
added 2014/08/11 12:0 a.m., 16 views

WordPress Facebook Promotion Generator Plugin Cross Site Scripting Vulnerability

WordPress Facebook Promotion Generator Plugin is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier:...

CVSS 4.3, AI score 5.8, EPSS 0.00174
Exploits 1, References 3
OpenVAS
added 2014/08/11 12:0 a.m., 24 views

WordPress Contact Form Plugin Cross Site Scripting Vulnerability

WordPress Contact Form Plugin is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 4.3, AI score 5.7, EPSS 0.00174
Exploits 1, References 2
exploitpack
added 2014/08/03 12:0 a.m., 10 views

RaidenTunes - music_out.php Cross-Site Scripting

RaidenTunes - music_out.php Cross-Site Scripting source: https://www.securityfocus.com/bid/42167/info RaidenTunes is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the...

AI score 6.8
Exploits 0
Exploit DB
added 2014/07/28 12:0 a.m., 41 views

CMSimple - Default Administrator Credentials

source: https://www.securityfocus.com/bid/68961/info CMSimple is prone to multiple security vulnerabilities including: 1. Multiple arbitrary PHP code-execution vulnerabilities 2. A weak authentication security-bypass vulnerability 3. Multiple security vulnerabilities An attacker can exploit these...

AI score 7.4
Exploits 0
exploitpack
added 2014/07/10 12:0 a.m., 13 views

WeBid - Multiple Cross-Site Scripting LDAP Injection Vulnerabilities

WeBid - Multiple Cross-Site Scripting LDAP Injection Vulnerabilities source: https://www.securityfocus.com/bid/68519/info WeBid is prone to multiple cross-site-scripting vulnerabilities and an LDAP injection vulnerability. An attacker may leverage these issues to compromise the application, acces...

AI score 0.4
Exploits 0
OpenVAS
added 2014/07/03 12:0 a.m., 25 views

ownCloud Multiple Vulnerabilities-04 (Jul 2014)

ownCloud is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:owncloud:owncloud"; if description...

CVSS 5.5, AI score 6.4, EPSS 0.00402
Exploits 0, References 4
seebug.org
added 2014/07/02 12:0 a.m., 16 views

Toms Gästebuch 1.00 form.php Multiple Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/25507/info Toms Gästebuch is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the...

AI score 7.1
Exploits 0